redline | 8cfe089f2e525a7a38f5897bb9263a19435ea2982b68898ce0f6d53a8dd066a4 | Triage

Sharing

General

Target

Escalibur.exe
Size

621KB
Sample

240726-24qynsterc
MD5

a7a91134af3f39014eec4d3a7e1f0d21
SHA1

8c41514ddcc37004ea25ba71fda75ce66b89d04b
SHA256

8cfe089f2e525a7a38f5897bb9263a19435ea2982b68898ce0f6d53a8dd066a4
SHA512

37e8175766585e88468aee1f9203324e0dc7c7f2af2b47ee7e1419eea741fa928efcc3ae328a23fcba9901d1a3b63cbcff3ee86c0c0e92f15fff61527f65b563
SSDEEP

12288:laz9+wtZWvDGUeKGRivMiTXBej0wK3NQ1bDAAiwYKXF1YUUQK3FGJTIePGJGZVc:lah+oZiGKGRi3gjtKdU

Score

10^/10

redline credential_access discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

- Target
  
  Escalibur.exe
- Size
  
  621KB
- MD5
  
  a7a91134af3f39014eec4d3a7e1f0d21
- SHA1
  
  8c41514ddcc37004ea25ba71fda75ce66b89d04b
- SHA256
  
  8cfe089f2e525a7a38f5897bb9263a19435ea2982b68898ce0f6d53a8dd066a4
- SHA512
  
  37e8175766585e88468aee1f9203324e0dc7c7f2af2b47ee7e1419eea741fa928efcc3ae328a23fcba9901d1a3b63cbcff3ee86c0c0e92f15fff61527f65b563
- SSDEEP
  
  12288:laz9+wtZWvDGUeKGRivMiTXBej0wK3NQ1bDAAiwYKXF1YUUQK3FGJTIePGJGZVc:lah+oZiGKGRi3gjtKdU
Score

10^/10

discovery redline credential_access infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinecredential_accessdiscoveryinfostealerspywarestealer